26-12-2017 My Mobile
Digmine affects only Messenger's desktop or web browser (Chrome) version; your Facebook account should not be left set to log in automatically
“Digmine”, a new cryptocurrency malware, is now spreading rapidly on Facebook Messenger around the world. The malware was first observed in South Korea, and Trend Micro, the Tokyo-headquartered IT security firm, has now issued a warning.
After its first attack in South Korea, the virus has spread to other parts of the world, such as Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. Cybersecurity experts are now speculating that it could soon spread to other countries as well within a week.
It is further revealed that “Digmine” will only affect Messenger's desktop or web browser (Chrome) version. If Messenger is opened on another platform, such as the mobile app, the malware cannot attack. IANS reported that "Digmine" is coded in AutoIt and sent to would-be victims posing as a video file but is actually an AutoIt executable script.
If your Facebook account is set to log in automatically, the risk is quite high, because the malware will then manipulate Messenger so that it can send a file to the account's friends.
IANS further stated that the abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line. This functionality's code is pushed from the command-and-control (C&C) server, which means it can be updated.
If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via the command line.
The malware performs other activities, such as installing a registry autostart mechanism as well as a system infection marker. It will search for and launch Chrome, then load a malicious browser extension that it retrieves from the C&C server.
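The Chrome relaunch described above leaves a trace in process-creation logs that defenders can hunt for. The following is an added example, not code from Trend Micro or from the original article: it flags Chrome launches that sideload an extension from the command line. The article does not name the switch; `--load-extension` is Chrome's switch for loading an unpacked extension, and the event fields, sample events, parent allowlist and path heuristics are all assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

# Constructed process-creation events (shape loosely modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmdline": '"' + CHROME + '"'},
    {"image": CHROME, "parent": r"C:\Users\alice\AppData\Roaming\example\updater.exe",
     "cmdline": '"' + CHROME + r'" --load-extension="C:\Users\alice\AppData\Roaming\example\ext"'},
    {"image": CHROME, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"chrome.exe --load-extension=D:\dev\my-extension"},
    {"image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"notepad.exe --load-extension=C:\Temp\x"},
]

# Value may be quoted (paths with spaces) or bare; Chrome accepts a comma-separated list.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}  # assumption: tune per environment


def classify(event):
    """Return None, or (severity, reasons) for a Chrome launch that sideloads an extension."""
    if basename(event["image"]).lower() != "chrome.exe":
        return None
    match = LOAD_EXT.search(event["cmdline"])
    if not match:
        return None
    ext_paths = (match.group(1) or match.group(2)).split(",")
    reasons = ["chrome started with --load-extension"]
    parent = basename(event["parent"]).lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append("unexpected parent " + parent)
    if any(marker in path.lower() for path in ext_paths for marker in USER_WRITABLE):
        reasons.append("extension directory is user-writable")
    # All three signals together match the behaviour the article describes.
    return ("high" if len(reasons) == 3 else "medium"), reasons


def scan(events):
    """Return (index, severity, reasons) for every event that classify() flags."""
    return [(i, *hit) for i, e in enumerate(events) if (hit := classify(e))]


if __name__ == "__main__":
    for index, severity, reasons in scan(SAMPLE_EVENTS):
        print(index, severity, "; ".join(reasons))
```

The medium hit is what a developer testing an unpacked extension looks like, so the parent process and extension path are what separate routine use from the pattern reported here.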